Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure
Here’s a quick recap. Between 2015 and March 2018, there was a serious privacy hole in the Google Plus social network that meant users’ …
Browsing: Vulnerability
Satan Ransomware Variant Exploits 10 Server-Side Flaws
A new version of ransomware that first surfaced about two years ago is garnering attention for its ability to spread via as many as ten …
Toyota’s PASTA- A car hacking tool to enhance automobile cybersecurity
A team of security researchers working for the renowned automobile maker Toyota have developed a new car hacking tool. Dubbed as PASTA …
A Photographer’s Pursuit of Vulnerability and Expression
Photographer Lenghi Teng has a lot of influences to inspire her art: she was born in Vietnam, grew up in a Chinese family, and moved to the …
Kubernetes Deployments Around the World Show Vulnerabilities
Kubernetes owners who expose APIs to the Internet are leaving their systems open to …
Chrome 71 Patches 43 Vulnerabilities
Some of the most important security bugs addressed in Chrome 71 include use after free issues in PDFium, Blink, WebAudio, and …
Kids’ VTech tablets vulnerable to eavesdropping hackers
VTech, the Hong-Kong-based smart-toy maker has hit another bump in the road. This time around, it’s a serious security flaw in the …
Kubernetes Vulnerability Hits Top of Severity Scale
The security risks are made even more challenging in that a compromise might not be detectable as it obfuscates the detection …
Unpatched Vulnerabilities Enable Adobe Flash Zero-Day
Adobe has issued security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS after another active exploitation of a …
Marriott, Kubernetes and PewDiePie [PODCAST]
On the Naked Security podcast this week: Marriott’s huge and scary data breach, a bug in software management software could be a data …
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Attackers targeting Windows are typically after domain admin privileges. Once they have it, researchers say, the security questions feature …
Don’t Dismiss the Small Vulnerabilities in Your Code
The original article was published by security researcher Linus Särud on the Detectify blog. Never dismiss a small vulnerability because …
Critical Kubernetes privilege escalation flaw patched, update ASAP!
A critical privilege escalation vulnerability affecting the popular open source cluster management and container orchestration software …
API Vulnerabilities Found on USPS Website Expose Private User Data
A little over a year ago, an anonymous researcher pointed out a vulnerability on the USPS website that allowed site visitors to see users’ …
Fleetco Fleet Maintenance Management 1.2 Remote Code Execution
# Exploit Title: Fleetco Fleet Maintenance Management 1.2 – Remote Code Execution # …
Critical Vulnerability Allows Kubernetes Node Hacking
Kubernetes has received fixes for one of the most serious vulnerabilities ever found in the project to date. If left unpatched, the flaw …
Apache Superset 0.23 Remote Code Execution
Apache Superset version 0.23 suffers from a remote code execution …
[remote] HP Intelligent Management – Java Deserialization RCE (Metasploit)
## # This module requires Metasploit: https://metasploit.com/download # Current …
PaloAlto Networks Expedition Migration Tool 1.0.106 Information Disclosure
Topic: PaloAlto Networks Expedition Migration Tool 1.0.106 Information Disclosure …
HP Intelligent Management Java Deserialization Remote Code Execution
HP Intelligent Management Java Deserialization Remote Code Execution Posted Dec 4, 2018 Authored by mr_me, Carsten MaartmannMoe | Site …
Bleichenbacher’s CAT puts another scratch in TLS
Are the underpinnings of HTTPS security as foolproof as everyone assumes they are? The answer should be a resounding ‘yes’ unless, that …
Zoom patches serious video conferencing bug
Zoom patched a bug this week that enabled people to hijack customer video conferences. Attackers with network access could have taken …
How to Get Instant Java Web Security Vulnerability Alerts in GitHub
If you’re building Java web applications or Java Web API’s and you want to do your own security testing, wouldn’t you rather not run a …
‘Critical’ Kubernetes flaw enables attackers to gain administrative control
A recently discovered flaw in the Kubernetes orchestration manager can enable any authorized user to gain administrative privileges that …
Vulnerability discovered in safety controller configuration software
Gjoko Krstic, an Applied Risk researcher, has discovered a vulnerability in Pilz PNOZmulti Configurator software that allows a local …
Router attack exploits UPnP and NSA malware to target PCs
Researchers have found evidence that the UPnProxy router compromise uncovered earlier in 2018 is now being used to attack computers on …
Printers pulled into 9100 port attack spew PewDiePie propaganda
A battle for who owns the YouTube crown for top channel has been waged over the past few months between fans of Swedish video game …
Faster fuzzing ferrets out 42 fresh zero-day flaws
A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept. The team, from …
Open Source Hack Creates Vulnerability in Bitcoin Wallet Application Copay
An attack on the Bitcoin wallet application Copay has left many cryptocurrency customers questioning the security of their digital cash. It …
Wireshark 2.6.5 Released With Fixes for Number of Vulnerabilities that Could Crash the Wireshark
The most popular and widely used network protocol analyzer Wireshark released a new version Wireshark 2.6.5, that comes with the fix for a …